#VU71486 Race condition in Samba - CVE-2021-20251


Vulnerability identifier: #VU71486

Vulnerability risk: Low

CVSSv4.0: 0.6 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-20251

CWE-ID: CWE-362

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote attacker to perform a brute-force attack.

The vulnerability exists due to a race condition in Samba when incrementing bad password attempts. Each connection to Samba gets a separate process, and each process loads, increments, and saves the bad password count without any coordination. A remote attacker can perform a brute-force attack using multiple threats and bypass imposed limits on the number of allowed incorrect passwords.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Samba: 4.1.0 - 4.17.0, 4.2.0 - 4.2.14, 4.3.0 - 4.3.13, 4.4.0 rc4 - 4.4.16, 4.5.0 - 4.5.16, 4.6.0 - 4.6.16, 4.7.0 - 4.7.12, 4.8.0 - 4.8.12, 4.9.0 - 4.9.18

External links
https://bugzilla.samba.org/show_bug.cgi?id=14611
https://gitlab.com/samba-team/samba/-/merge_requests/2708

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Oracle Solaris update for thrid-party components
Gentoo update for Samba
Multiple vulnerabilities in Dell EMC SRM and Dell EMC Storage Monitoring and Reporting (SMR)
Multiple vulnerabilities in Dell Cloud Tiering Appliance
Multiple vulnerabilities in Dell EMC VxRail Appliance
SUSE update for samba
SUSE update for samba
Ubuntu update for samba
SUSE update for samba
SUSE update for samba